Wednesday, April 27, 2011

Apple issues Q&A on "Locationgate", and addresses key issues

Apple rather belatedly issued a Q&A on the whole "LocationGate" saga. This confirms what I said about the data being a cache of cell tower and wifi locations. The fact that this was kept for up to a year was a bug. Within the next few weeks they will reduce this to 7 days, they will not back up the cache any longer, and they will turn off the cache when you turn location services off, which addresses the issue reported by the Wall Street Journal and widely re-reported.. These are all good actions to take, and address the key issues in my opinion. It does reinforce the importance of developers being careful about location security, and Apple was slack in this case, even though the potential risks were much less dire than widely reported.

Note that in the short term if you are concerned, you can encrypt your iPhone database backup just by checking a box on the front page in iTunes (after plugging in your iPhone). If you do this, the current location log cannot be accessed by someone who hacks into your computer.

3 comments:

I agree that the iPhone *should* "turn off the cache when you turn location services off." However, what Apple said in their Press Info is that Apple "deletes this cache entirely when Location Services is turned off." This doesn't make sense and looks like a wording error to me. Can you get Apple to clarify?

I think this approach is reasonable. The cache will only store 7 days worth of data now anyway, and will quickly build up again if you turn location services back on. It makes sense for Apple to take a more conservative approach on privacy given all the recent fuss.

Also I think they should have a way to allow a user to delete the cache at any time - this will be at least one way to do that, though maybe not as obvious as a "clear location cache" in settings, which they didn't mention.

Peter Batty

About me

Peter Batty is a co-founder and CTO of the geospatial division at Ubisense. He has worked in the geospatial industry for 25 years and has served as CTO for two leading companies in the industry (and two of the world's top 200 software companies), Intergraph and Smallworld (now part of GE Energy). He served on the board of OSGeo from 2011 to 2013 and chaired the FOSS4G 2011 conference in Denver. He serves on the advisory board of Aero Glass. See here for a more detailed bio. You can email Peter at peter@ebatty.com, and can see videos of some of his conference presentations here.